WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

PCT

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification: H04N 7/167, 7/16, 5/00

A1

(11) International Publication Number: WO 98/56180

(43) International Publication Date: 10 December 1998 (10.12.98)

(21) International Application Number: PCT/US98/11634

(22) International Filing Date: 5 June 1998 (05.06.98)

(30) Priority Data: 60/048,852, 6 June 1997 (06.06.97), US

(71) Applicant (for all designated States except US): THOMSON
CONSUMER ELECTRONICS, INC. [US/US]; 10330 North
Meridian Street, Indianapolis, IN 46290-1024 (US).

(72) Inventor; and
(75) Inventor/Applicant (for US only): ESKICIOGLU, Ahmet,
Mursit [TR/US]; 8235 Lakeshore Trail No. 125, Indianapolis,
IN 46250 (US).

(74) Agents: TRIPOLI, Joseph, S. et al.; GE & RCA Licensing
Management Operation, Inc., P.O. Box 5312, Princeton, NJ
08543 (US).

(81) Designated States: AL, AM, AT, AU, AZ, BA, BB, BG, BR,
BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GE,
GH, GM, GW, HU, ID, IL, IS, JP, KE, KG, KP, KR, KZ,
LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW,
MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL,
TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU, ZW, ARIPO
patent (GH, GM, KE, LS, MW, SD, SZ, UG, ZW), Eurasian
patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European
patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR,
IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF,
CG, CI, CM, GA, GN, ML, MR, NE, SN, TD, TG).

Published
With international search report.

(54) Title: GLOBAL CONDITIONAL ACCESS SYSTEM FOR BROADCAST SERVICES



[Figure: CA 750, Billing Center 700, STB 400, SC 420]



(57) Abstract

A method for managing access to a scrambled event, selected from an electronic program guide, of a service provider (including
broadcast television networks, cable television networks, digital satellite systems, and internet service providers). Access to the event is
only achieved if the descrambling key is obtained from a digitally signed message associated with the event in the electronic program guide.
Authentication of the electronic program guide provider involves decrypting the digital signature using a public key of the guide provider.

GLOBAL CONDITIONAL ACCESS SYSTEM FOR BROADCAST SERVICES

Field of the Invention

This invention concerns a system for providing conditional
access (i.e., managing access) to a consumer electronic device, such as
a set-top box or a digital television, that is capable of receiving
broadcast digital streams from a variety of sources, such as broadcast
television networks, cable television networks, digital satellite
systems, internet service providers and sources of electronic list of
events.

Background of the Invention 

Today, as depicted in Figure 1, a user may receive
services from a variety of service providers, such as broadcast
television networks 22, cable television networks 24, digital satellite
systems 26, and internet service providers 28. System 10 of Figure 1
defines the present configuration for receiving services from such
service providers. Most television receivers 12 are capable of
receiving unscrambled information or programs directly from
broadcast and cable networks. Cable networks providing scrambled
or encrypted programs usually require a separate stand-alone device
16a, 16b (e.g., a set-top box) to descramble or decrypt the program.
Similarly, digital satellite systems usually provide scrambled or
encrypted programs that also require the use of a separate set-top
box. These set-top boxes may utilize a removable smart card 18a,
18b which contains the necessary decrypting algorithms and keys.
Typically, a separate set-top box is required for each service
provider. Connections to the internet are usually handled via a
personal computer 14 or the like, and a modem 20. Traditionally,
access to the internet is managed using a specially designed software
package loaded onto the computer [...] service provider who acts as
gatekeeper to the web. The user typically pays a monthly [...]
unlimited basis. As one would expect, there are numerous service
[...] specialized software for access.

Summary of the Invention

The manufacturers of these digital televisions and set-top boxes
desire that they be compensated by the service provider for
each connection to the service emanating from the box. Thus, the
[...]
set-top boxes in combination with a competitive market for such
devices necessitates the need to provide a system for managing
access so that the manufacturer is compensated for any use of its
hardware to access any selected service provider. This invention
resides, in part, in recognition of the described problem and, in part,
in providing a solution to the problem.

An event or program as described herein comprises one of the
following: (1) audio/visual data such as [...] "television"
show or a documentary; (2) [...]
data such as images or (5) HTML data (e.g., web pages). These service
providers include any provider broadcasting events, for example,
traditional broadcast television networks, cable networks, digital
satellite networks, providers of electronic list of events, such as
electronic program guide providers, and in certain cases internet
service providers.

Generally, the present invention defines a method for providing
conditional access to a broadcast event from a service provider. That
is, this method comprises receiving an electronic list of events, such
as an electronic program guide, from a list provider, wherein the list
has a digitally signed message corresponding to each event of the list
or guide, the digitally signed message comprises a message encrypted
using a second public key and a digital signature created using a first
private key. The method further comprises selecting an event from
the list; receiving the digitally signed message corresponding to the
selected event; authenticating the list provider; decrypting the
message using a second private key to obtain an event key; receiving
the selected event which is scrambled using the event key; and
descrambling the selected event using the event key to provide a
descrambled event.

In accordance with one aspect of the present invention, the
steps of decrypting the message, receiving the selected event, and
descrambling the selected event are performed in a removable smart
card coupled to the device wherein the second private key is stored
in the smart card.

In accordance with another aspect of the present invention,
the message comprises event information which can be decrypted
using the second private key. The event information further being
stored in the smart card having a card body with a plurality of
[...] arranged on a surface of the card body in accordance with
one of ISO standard 7816 or PCMCIA card standards.

In accordance with yet another aspect of the present invention,
a system for managing conditional access between a service provider
and a device having a smart card coupled thereto, the device
performing the steps of: receiving an electronic program guide having
a digitally signed message corresponding to each event in the guide
wherein each digitally signed message comprises a message
encrypted using a smart card public key and a digital signature
created using a guide provider private key; selecting an event from
the guide; receiving the digitally signed message corresponding to the
selected event; authenticating the guide provider by decrypting the
digital signature; passing the message to a smart card; decrypting the
message to obtain event information and a symmetric key; storing the
event information in the smart card and updating account
information; receiving the selected event which is scrambled using
the symmetric key; and descrambling the selected event using the
symmetric key to generate a descrambled event.

In accordance with yet another aspect of the present invention,
a system for managing access between a service provider and a
device having a smart card coupled thereto, the device performing
the steps of: receiving an electronic program guide having a digital
certificate and a separate message corresponding to each event in the
guide, each of the digital certificates being encrypted using a first
guide private key, the separate messages being encrypted using a
smart card public key and containing an associated signature created
using a second guide private key; selecting an event from the guide;
receiving the digital certificate, message and associated digital
signature corresponding to the selected event; authenticating the
guide provider; passing the message to a smart card; decrypting the
message using a smart card private key to obtain event information
and a symmetric key; storing the event information in the smart card
and updating account information based on the event information;
receiving the selected event wherein the selected event is scrambled
using the symmetric key; and descrambling the selected event using
the symmetric key to generate a descrambled event.



These and other aspects of the invention will be explained
with reference to a preferred embodiment of the invention shown in
the accompanying Drawings.

Brief Description of the Drawing

Figure 1 is a block diagram illustrating a prior art
configuration for interconnecting consumer electronic devices to a
variety of service providers.

Figure 2 is a block diagram illustrating one architecture
for interfacing a common set-top box to a variety of service
providers.

Figure 3 is a block diagram of an exemplary
implementation of a system for managing access to a device in
accordance with the invention; and

Figure 4 is a block diagram of another exemplary
implementation of the system of Figure 3.

Detailed Description of the Drawing

The present invention provides a conditional access
system which may be utilized to obtain services from one of a
plurality of sources. The conditional access system when
implemented within a set-top box permits the set-top box to
authenticate the service provider before a broadcast event is
purchased and uses a smart card for decrypting the encrypted event
received from the service provider. Alternately, the functionality of
the smart card may be embedded within the set-top box. Such a
conditional access system may act as a toll bridge for access to
services thereby permitting a mechanism for the manufacturer of the
[...]
this invention may be implemented within a digital television; for
simplicity, the below description of the invention will be directed
towards an implementation using a set-top box and a smart card.

In Figure 2, system 30 depicts the general architecture for
managing access to a set-top box (STB) 40. Smart Card (SC) 42 is
inserted into or coupled to a smart card reader (not shown) of STB 40;
an internal bus 45 interconnects STB 40 and SC 42 thereby permitting
the transfer of data therebetween. Such smart cards include ISO
[...]
(NRSS) Part A or PCMCIA cards complying with NRSS Part B.
Conceptually, when such a smart card is coupled to a smart card
reader, the functionality of the smart card may be considered to be a

part of the functionality of the set-top box thus removing the 
"boundaries" created by the physical card body of the smart card. 

STB 40 can receive services from a plurality of service 
providers (SPs), such as a broadcast television SP 50, a cable 
television SP 52, a satellite system SP 54, an internet SP 56, and an 
electronic event guide SP 58. Certificate authority (CA) 75 is not 
directly connected to either the service providers or STB 40 but 
issues digital certificates and public and private key pairs which are 
used as explained below. A set-top box public key is provided to the 
manufacturers of the devices and is stored therein before the product 
is shipped to the consumer. It is within the scope of this invention 
that the role of certificate authority 75 may be performed by the 
service providers in collaboration with the manufacturer of the STB 
40. Billing system 70 is utilized to manage the user's accounts; 
updated information is provided as users make arrangements to
purchase additional services and as these services are consumed or 
used. 

The general architecture of system 30 lends itself to
achieving the goal of providing a vehicle for the manufacturer of the
set-top box to collect a fee based on the consumer's use of the box to
access an event. One adaptation of the general architecture would be
to utilize a common conditional access and billing system
encompassing all manufacturers and service providers. A problem
with such an adaptation is that it may be difficult to obtain consensus
amongst the various service providers and manufacturers of the
set-top boxes. Another problem is that all the events would be encrypted
using the public key of STB 40 and decrypted in SC 42 utilizing a
stored private key of STB 40; thus if the private key were to be
compromised the security of the entire system would collapse.

[...]
based on authentication of the service provider communicating with
STB 400 prior to purchasing a broadcast event from the service
provider. In one embodiment of this conditional access system, a
combination of both an asymmetric key system (i.e., public-key
system) and a symmetric key system is used. However, this
[...]
keys as described below.

Symmetric key cryptography involves the use of the same
algorithm and key for both encryption and decryption. The
foundation of public-key cryptography is the use of two related keys
[...]
computationally unfeasible to deduce the private key from the public
key which is publicly available. Anyone with a public key can
encrypt a message but only the person or device having the
associated and predetermined private key can decrypt it. Similarly, a
[...]
the public key can verify that the message was sent by the party
[...] the private key. This may be thought of as being analogous
to verifying a signature on a document.

A digitally signed message is a message sent in the clear
(i.e., unencrypted) having a signature attached thereto. The attached
signature is produced by encrypting either the message itself or a
digest of the message; a digest of the message is obtained by hashing
the message. (Hashing involves subjecting the message to a one-way
hashing algorithm, such as MD5 developed by Ron Rivest or SHA-1
developed by the National Institute of Standards and Technology
(NIST) and the National Security Agency (NSA) prior to encrypting
the message.) Thus the recipient of the signed message can verify the
source or origin of the message. (In comparison, a public key
certificate or digital certificate is a message, containing a public key of
the sending device, sent in the clear having a signature attached
thereto.) Unilateral authentication of a service provider connected to
the set-top box is achieved by passing such digitally signed messages
between the service provider and the set-top box and verifying the
signature. Signature verification involves checking the signature by
decryption. Particularly, these messages contain at least information
associated with the service provider passing the message or the
selected event from the service provider and may contain the service
provider's public key. These digitally signed messages, which may
have signatures created by independent certificate authority 75, are
stored by the service provider.

The following nomenclature will be utilized in the below
description of the present conditional access system.

KSCpub    SC's public key
KSCpri    SC's private key
KCApri    CA's private key used to create signatures
KSPevent  A service provider's event key
[...] having SC 420 coupled to a card reader (not shown). STB 400
communicates with billing center 700, a plurality of [...]
(for simplicity, only one service provider [...]
580. As discussed above, the functionality of SC 420 could be
integrated into STB 400 and STB 400 could be a digital television.
EPG 580 may be a separate service provider wherein electronic
program guides containing listings of events from a plurality of
service providers may be accessed. Alternately, EPG 580 may
[...]
EPG 580 has a unique digitally signed and encrypted
message associated with each event. This message is encrypted by
KSCpub and is signed using KCApri, the private key that CA 750
assigned to EPG 580. The encrypted message may include
information corresponding to the selected event and an event key,
KSPevent.



After STB 400 is activated, SC 420 is coupled to a card
reader of STB 400 (not shown), and in response to a user [...]
desired event from EPG 580, EPG 580 downloads the corresponding
digitally signed message into STB 400. EPG 580 must be
authenticated to ensure that the digitally signed message was
received from the desired provider. This authentication involves
decrypting the digital signature in STB 400 using KCApub. KCApub is
the public key that CA 750 assigned to EPG 580 and is stored in STB
400. If EPG 580 is not authenticated, STB 400 provides an error
indication to the user. Authentication of EPG 580 requires that a
pre-existing agreement exists between the electronic guide provider
source and the manufacturer of STB 400. This is because without
such an agreement CA 750 would not provide KCApri to the source of
electronic program guide.
After STB 400 authenticates EPG 580, the encrypted
message is passed to SC 420 for decryption. SC 420 decrypts the
message using KSCpri, which is stored therein, to obtain the data
corresponding to the selected event and the event key. This data
may include data relating to channel identity, date and time stamp,
event identity, and payment amount. This data is stored in a memory
device within SC 420 and is used to update the user account
information. The updated account information can be passed to
billing center 700 using signed messages.

The event key is retained within SC 420 thereby reducing
the possibility of observing the key. The event key is used to
descramble, in SC 420, the selected event received from the service
provider; SC 420 provides a descrambled program to STB 400.
Alternately, the event key could be passed back to STB 400 and used
to descramble or decrypt the selected event in STB 400.

If the functionality of the smart card is embedded in the
set-top box, the encrypted message would be decrypted within STB
400 and the event information would be stored within the set-top
box. Similarly, the event key would remain in the set-top box and be
used to descramble the selected event within STB 400.
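
The Figure 3 exchange described above, as an added example that is not part of the patent text: EPG 580 encrypts the event information and event key under KSCpub and signs the result with KCApri, STB 400 checks the signature with KCApub, and SC 420 decrypts with KSCpri and descrambles. Assumptions: textbook RSA over constructed toy primes, SHA-256 as the digest in place of the MD5 or SHA-1 named in the text, an XOR keystream standing in for the broadcast scrambler, and all function, class and field names are illustrative.

```python
import hashlib
import json

def make_key(p, q, e=65537):  # textbook RSA pair: ((n, e), (n, d))
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Constructed toy keys. Mersenne primes keep the example deterministic and
# stdlib-only; they are trivially factorable and unfit for real use.
KCA_PUB, KCA_PRI = make_key(2**521 - 1, 2**607 - 1)    # pair the CA assigned to the EPG
KSC_PUB, KSC_PRI = make_key(2**1279 - 1, 2**2203 - 1)  # smart card pair

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, pri):
    n, d = pri
    return pow(digest(data), d, n)

def verify(data, sig, pub):
    # "Decrypt" the signature with the public key and compare digests.
    n, e = pub
    return pow(sig, e, n) == digest(data)

def encrypt(plain, pub):
    n, e = pub
    m = int.from_bytes(b"\x01" + plain, "big")  # 0x01 keeps leading zero bytes
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(cipher, pri):
    n, d = pri
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def scramble(data, key):
    """Stand-in scrambler: XOR with a SHA-256 counter keystream (self-inverse)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def epg_message(event_info, event_key):
    """EPG 580: encrypt under KSCpub, then sign the ciphertext with KCApri."""
    payload = json.dumps({"info": event_info, "key": event_key.hex()}).encode()
    enc = format(encrypt(payload, KSC_PUB), "x")
    return {"enc": enc, "sig": sign(enc.encode(), KCA_PRI)}

class SmartCard:
    """SC 420: holds KSCpri; the event key and purchase record stay inside."""
    def __init__(self, pri):
        self._pri, self._event_key = pri, None
        self.events, self.amount_due = [], 0

    def load(self, enc):
        payload = json.loads(decrypt(int(enc, 16), self._pri))
        self._event_key = bytes.fromhex(payload["key"])
        self.events.append(payload["info"])
        self.amount_due += payload["info"]["payment"]

    def descramble(self, stream):
        return scramble(stream, self._event_key)

class SetTopBox:
    """STB 400: holds KCApub and authenticates the guide before using the card."""
    def __init__(self, kca_pub, card):
        self.kca_pub, self.card = kca_pub, card

    def purchase(self, msg):
        if not verify(msg["enc"].encode(), msg["sig"], self.kca_pub):
            return False  # error indication; the card never sees the message
        self.card.load(msg["enc"])
        return True

def demo():
    key = bytes(range(16))  # constructed event key (KSPevent)
    info = {"channel": 7, "event": "E-1001", "time": "1998-06-05T20:00", "payment": 395}
    msg = epg_message(info, key)
    broadcast = scramble(b"constructed programme payload", key)  # provider side
    card = SmartCard(KSC_PRI)
    stb = SetTopBox(KCA_PUB, card)
    accepted = stb.purchase(msg)
    clear = card.descramble(broadcast)
    # Same ciphertext signed with a key other than KCApri: must be refused.
    rogue = {"enc": msg["enc"], "sig": sign(msg["enc"].encode(), KSC_PRI)}
    refused = not stb.purchase(rogue)
    return clear, card.amount_due, accepted, refused
```

Because the signature covers the ciphertext, the set-top box can reject a guide message without involving the card, which is why the rogue purchase leaves the amount due unchanged.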

System 300', as depicted in Figure 4, [...]
exemplary embodiment of the present invention wherein a
[...]
provider. The service provider [...]
generate digitally signed [...]
of SC 420', KSCpub, [...] provider's
private key, KSPpri. The encrypted message may include [...]

In the same manner as for EPG 580 in the embodiment in
Figure 3, EPG 580' [...]
involves decrypting the digital certificate in STB 400' using KCApub,
which is stored therein, to obtain KSPpub [...]
signed message in STB 400'. [...]

In another embodiment of the present invention, [...]
message. This encrypted message would only contain information
related to the event, that is, the event key would not be included. In 
such an embodiment, public key cryptography may be used to 
encrypt the broadcast event. The electronic program guide must still 
be authenticated in STB 400 as described above. However, the 
decrypted message only contains information corresponding to the 
selected event. This information is stored and must be used by SC 
420 to determine the private key for decrypting the event. In this 
embodiment utilizing public key cryptography, key transport is not 
needed. 

The present invention has been described in terms of 
exemplary embodiments in which a single smart card cooperates with 
a single set-top box to manage access to a single service provider. 
However, it is within the scope of this invention to provide a 
conditional access system which may be extended to permit the smart 
card to "roam" across (i.e., provide conditional access between) 
multiple service providers and multiple manufacturers of the set-top 
boxes. 

The robustness of the defined system may be increased 
by encrypting portions of the event with different keys included in 
the broadcast stream. These keys may be protected using the 
symmetric key received from the electronic program source. 

While the invention has been described in detail with 
respect to numerous embodiments thereof, it will be apparent that 
upon reading and understanding of the foregoing, numerous 
alterations to the described embodiment will occur to those skilled in
the art and it is intended to include such alterations within the scope
of the appended claims.

Claims

1. A method for managing access to an event of a service provider,
said method comprising:

(a) receiving in a device an electronic list of events from a list
provider, said list having a digitally signed message corresponding to
each event in said list, each of said digitally signed messages comprise
a message encrypted using a second public key and a digital signature
created using a first private key;

(b) selecting an event from said list;

(c) receiving in said device said digitally signed message
corresponding to the selected event;

(d) authenticating said list provider, using a first public key,
in response to said digital signature;

(e) decrypting said message using a second private key to
obtain an event key;

(f) receiving from the service provider said selected event,
said selected event being scrambled using said event key; and

(g) descrambling said selected event using said event key to
provide a descrambled event.

2. The method of Claim 1 wherein the steps of decrypting said
message, receiving said selected event, and descrambling said
selected event are performed in a smart card coupled to the device,
said second private and public keys being associated with said smart
card and said second private key being stored in said smart card.

3. The method of Claim 2 wherein said message further comprises
event information, said event information being decrypted using said
second private key.

4. The method of Claim 3 further comprising the step of storing
said event information, wherein said step of storing said event
information is performed in said removable smart card.

5. The method of Claim 4 wherein said smart card has a card body
[...] body in accordance with one of ISO 7816 and PCMCIA card standards.

6. The method of Claim 5 wherein the step of authenticating
comprises decrypting said digital signature in said device to verify
the origin of said message.

7. The method of Claim 6 wherein said first public key is stored in
said device.

8. The method of Claim 4 wherein said event information
comprises channel identification data, event identity data, date and
time stamp data, and billing data.

9. The method of Claim 3 further comprising the step of storing
said event information, wherein said step of storing said event
information is performed in said device.

10. The method of Claim 1 wherein said digital signature, said first
public key and said first private key are issued by an independent
certificate authority and are associated with said list provider.

11. The method of Claim 10 wherein said device is a digital
television.

12. The method of Claim 10 wherein said device is a set-top box.

13. The method of Claim 4 wherein said event information is used
within said device to update said user's account information.

14. The method of Claim 13 wherein said event information is
downloaded to an independent billing center to update a user's
account information.

15. In combination in a system for managing access between a
service provider and a device having a smart card coupled thereto,
said device performing the steps of:

(a) receiving an electronic program guide from a guide
provider, said guide having a digitally signed message corresponding
to each event in said guide, each of said digitally signed messages
comprise a message encrypted using a public key of the smart card
and a digital signature created using a private key of said guide
provider;

(b) selecting an event from said guide;

(c) receiving said digitally signed message corresponding to
the selected event;

(d) authenticating said provider by decrypting said
[...] said guide [...] guide
public key being stored in said device;

(e) passing said message to a smart card coupled to the
device;

(f) decrypting said message using a private key of the smart
card to obtain event information and a symmetric key, said smart
card private key being stored within the smart card;

(g) storing said event information in the smart card and
updating account information based on said event information;

(h) receiving from the service provider said selected event,
said selected event being scrambled using said symmetric key; and

(i) descrambling, in said smart card, said selected event using
said symmetric key to generate a descrambled event.

16. The combination of Claim 15 wherein the device is a set-top
box.

17. The combination of Claim 15 wherein the device is a digital
television.

18. In combination in a system for managing access between a
service provider and a device having a smart card coupled thereto,
said device performing the steps of:

(a) receiving an electronic program guide, said guide having a
digital certificate and a separate message corresponding to each event
in said guide, each of said digital certificates being encrypted using a
first private key of said guide, said separate message being encrypted
using a public key of the smart card and having an associated digital
signature created using a second private key of said guide;

(b) selecting an event from said guide;

(c) receiving said digital certificate, said message and said
digital signature corresponding to the selected event;

(d) authenticating said guide provider by decrypting said
digital certificate using a first public key of said guide to obtain a
second public key of said guide, and decrypting said digital signature
using said second guide public key, said first guide public key being
stored in the device;

(e) passing said message to said smart card;

(f) decrypting said message using a private key of the
smart card to obtain event information and a symmetric key, said
smart card private key being stored within the smart card;

(g) storing said event information in the smart card and
updating account information based on said event information;

(h) receiving from the service provider said selected event,
said selected event being scrambled using said symmetric key; and

(i) descrambling, in said smart card, said selected event using
said symmetric key to generate a descrambled event.

19. The combination of Claim 18 wherein the device is a set-top
box.

20. The combination of Claim 18 wherein the device is a digital
television.